Sonatype Blog: Latest Posts

Carberp Banking Trojan Goes Commercial

Threatpost – (International) Carberp banking trojan goes commercial; Adds bootkit and $40k price tag. Weeks after the banning of Aquabox, the keeper of the Citadel banking trojan, from an underground forum, another player has popped up to fill the market gap, this time with a new version of the Carberp trojan. This is a first for the Carberp gang, which until now had never sold its malware in the open, said a communications specialist and team leader for RSA Security’s FraudAction team. The new version of the banking malware comes with beefed-up data-stealing capabilities and the addition of the Rovnix bootkit and builder kit for a hefty $40,000 price tag. For fees ranging between $2,000 and $10,000, customers can buy the kit as a service, sans the builder and bootkit. The addition of Rovnix, the researcher said, is an especially interesting twist in that it infects a computer’s volume boot record, giving it ring0 privileges and making it difficult not only to detect but also to clean up.